Ask Your Question
0

what's role for service user on keystone?

asked 2017-07-05 03:22:22 -0500

inki-hwang gravatar image

Hi, I have a question about keystone. In keystone tutorial, if other services(glance, nova..) was added into keystone, keystone add service user having same service name. Then, assigned admin role in service project. What's role for this service user?

I think that admin or demo user need to know service endpoint, but don't need service user. Thx!

edit retag flag offensive close merge delete

Comments

did you read the help text from: keystone-manage bootstrap --help ? The keystone user and its role are passed as parameters to this command.

mlschuler gravatar imagemlschuler ( 2017-07-06 09:43:46 -0500 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2017-07-06 23:07:27 -0500

Bernd Bausch gravatar image

The various parts of an OpenStack cloud (Nova, Glance, ...) communicate with each other via API. To use each other's APIs, they need to authenticate with keystone. For authentication, they need an identity - user, password, project, domain. By convention, the domain is Default, the project is service, the user is the name of the OpenStack component.

They need the admin role to do things a normal user can't, in particular accessing other users' resources.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2017-07-05 03:22:22 -0500

Seen: 36 times

Last updated: Jul 06 '17

Related questions

Common.wsgi authorization failed

Keystone service doesnt start after reboot

restart openvswitch.service with error

keystone API history page has disappeared

publicURL endpoint for orchestration not found [closed]

nova list shows printt as response

Gnocchi API responses 401 Unauthorised

HTTP 500 error while installing the keystone identity service (Mitaka)

openstack mitaka ubuntu identity v2 401

No connection adapters were found